libextractor: Two heap-based buffer overflows
— GLSA 200605-14

libextractor is vulnerable to two heap overflow vulnerabilities which could
lead to the execution of arbitrary code.

Affected Packages

Package

media-libs/libextractor on all architectures

Affected versions

< 0.5.14

Unaffected versions

>= 0.5.14

Background

libextractor is a library used to extract metadata from arbitrary
files.

Description

Luigi Auriemma has found two heap-based buffer overflows in
libextractor 0.5.13 and earlier: one of them occurs in the
asf_read_header function in the ASF plugin, and the other occurs in the
parse_trak_atom function in the Qt plugin.

Impact

By enticing a user to open a malformed file using an application
that employs libextractor and its ASF or Qt plugins, an attacker could
execute arbitrary code in the context of the application running the
affected library.